64-bit checksec + README

README.md

@@ -1,9 +1,48 @@
-# todo
+# helpelf: an open and lightweight ELF recon tool
 
-- display e_type and rest of header for 32/64
-- display protections
-- colorful
-- maybe display elf sections if command entered (??)
+helpelf aims to be a replacement to the `file` and `checksec` utilities that are used by many hackers. The tool does not rely on readelf like `checksec` does, but instead includes its own ELF parser. Works for both 32 and 64-bit versions of the standard.
 
-- security:
-enforce malloc secure fail
+## Installation
+
+This will install `helpelf` and the alias `he` on the command line. No dependencies are required besides the C toolchain & make utility.
+
+```
+make
+sudo make install
+```
+
+## Usage
+
+The output is colorful (not visible here).
+
+```
+$ helpelf 
+Usage: helpelf <file> [options]
+ -v --verbose             displays more information
+$ he a.out 
+a.out: 64-bit ELF (little-endian) amd64, NX enabled, PIE disabled, Stack canary enabled, Partial RELRO, Not stripped
+$ he a.out -v
+a.out: 64-bit ELF (little-endian) version 1 (executable file), amd64, statically linked, NX enabled, PIE disabled, Stack canary enabled, Partial RELRO, Not stripped
+```
+
+## Documentation
+
+The tool was developed according to the ELF 32 and 64 bit standards that can be found here:
+
+- [ELF-64 Object File Format](https://uclibc.org/docs/elf-64-gen.pdf)
+- [Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification](https://refspecs.linuxfoundation.org/elf/elf.pdf)
+
+## License
+
+This project is under the Unlicense (part of public domain).
+
+## TODO
+
+- optimization: find a workaround for 32/64 sec differentiation
+- verbose: display detailed header info
+- verbose: display elf sections
+
+## Known issues
+
+- the RELRO check gives false-negatives on Full RELRO (instead shows Partial-RELRO)
+- any contribution and/or feedback is highly appreciated. Open an issue/pull request if you'd like to add something.